German Penetration Testing Services for Payment, Healthcare, and Complex System Environments
As the original penetration testing entity, binsec GmbH forms the operational foundation of binsec group GmbH. Since 2013, our permanently employed, highly certified experts (including OSCP, OSCE) have been conducting professional penetration tests based on international standards. With this extensive operational experience in the payment, banking, and healthcare sectors, we assess your business-critical systems from the perspective of advanced attackers.
Specializing in manual analysis, we clearly distinguish our services from automated vulnerability scans: Decisive security vulnerabilities are identified through structured manual analysis. This methodological expertise is also directly integrated into practical pentest training labs via binsec academy GmbH. We tailor the approach precisely to your threat model, utilizing efficient grey-box analysis for maximum transparency and depth. As a result, you receive an audit-ready final report with a clear risk assessment and actionable remediation recommendations.
More than 10 years of practical experience in penetration testing
Assessments performed exclusively by employed senior penetration testers
No subcontractors or external freelancers
Direct communication with the responsible senior penetration tester
Fully controlled in-house testing infrastructure, no cloud services used
Structured and reproducible testing approach
Identification of technical and business-relevant security risks
Risk-weighted vulnerability assessment or CVSS-based scoring
Detailed report including executive summary and technical documentation
Retesting of identified vulnerabilities included
Pentesting Areas
Web Application Pentesting
We perform penetration tests of web applications. The scope and complexity of a web application can range from a static web page to a multi-tenant application. This is also reflected in the length of the OWASP Testing Guide, which summarizes test methods against web applications on several hundred pages. We pentest a web application both with and without credentials. To efficiently detect errors in the web application's authorization management, we request test accounts for each user role and, if applicable, for different tenants. During a penetration test we also test for typical attacks such as injection and XSS.
Medical Device Pentest
We conduct penetration tests of medical devices in order to comply with the Medical Device Regulation (MDR). The MDR requires verification and validation that medical products and software are secure. The Medical Device Coordination Group, in its guidance document on cybersecurity for medical devices, states that the primary means of security verification and validation is testing.
Internal Pentest
binsec GmbH performs internal penetration tests to identify vulnerabilities in networks, systems, and applications from the perspective of an attacker with internal access. Attack surfaces are analyzed, user privileges are assessed, and potential escalation and lateral movement paths are evaluated. Depending on the scope, different scenarios are applied, such as testing without credentials, with user accounts, or including physical security. Typical targets include Active Directory, internal services, web applications, network segmentation, and wireless and IoT systems.
External Pentest
binsec GmbH performs external penetration tests to assess internet-facing systems from an attacker’s perspective. Publicly available information is analyzed, exposed services are identified, and vulnerabilities are manually assessed. Depending on the defined scope, vulnerabilities may be actively exploited to demonstrate real-world impact. Typical targets include web applications, APIs, network infrastructure, cloud services, and email systems. All tests follow recognized standards such as OWASP and OSSTMM, ensuring a structured and reproducible assessment.
Mobile App Pentesting
binsec GmbH performs penetration testing of Android and iOS apps. The test method used by binsec GmbH for mobile applications (Android and iOS) is based on the OWASP Mobile Application Security Testing Guide and the OWASP Mobile TOP 10. The Open Web Application Security Project (OWASP) is currently the world's largest non-profit organisation, the objective of which is to increase the security of applications.
API Pentesting
We perform penetration tests of APIs and regularly test REST APIs and XML APIs, for example. An API can be examined for vulnerabilities both as an independent test object in a penetration test and in combination with a front end. During the offer process we usually ask for some kind of API documentation or a description of the API's complexity in order to assess the time required for the penetration test. If a web application uses an API, we can also determine the API's available endpoints as part of a penetration test. Typical API security vulnerabilities are, for example, input validation errors or inadequate authorization management.
How-To: Get a Pentest Offer
Get in touch
Get in touch with us, preferably via our contact form.
Let's talk
We will get back to you shortly to either schedule a call or provide more information via e-mail.
Receive the offer
Once we understand the scope and your requirements, we compile a comprehensive pentest offer and send it to you.
Sign it
If everything is fine, you may sign the last page of our offer; otherwise we discuss any necessary adjustments.
Kick-Off and Planning
Next, we plan the penetration test: we agree on the execution period and schedule a kick-off call if necessary.
Executing the Penetration Test
We conduct the penetration test. We typically require a technical contact whom we can call or e-mail if we have any questions.
Reporting
We compile the pentest report and send it to you.
Re-Testing
Re-testing is free of charge if performed remotely.
Talk now to our Pentest experts.
Contact us
OSCP, M.Sc. Security Management